<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Packetbeat Quick Start Download Packetbeat  https://www.elastic.co/cn/downloads/past-releases#packetbeat The version downloaded here is 7.9.3, for macOS  After downloading and extracting, the directory looks like this:
$ ll packetbeat-7.9.3-darwin-x86_64 -rw-r--r--@ 1 kail staff 13675 10 16 2020 LICENSE.txt -rw-r--r--@ 1 kail staff 8440372 10 16 2020 NOTICE.txt -rw-r--r--@ 1 kail staff 839 10 16 2020 README.md # getting-started help document -rw-r--r--@ 1 kail staff 264515 10 16 2020 fields.yml # drwxr-xr-x@ 3 kail staff 96 10 16 2020 kibana # Kibana dashboard templates -rwxr-xr-x@ 1 kail staff 94641136 10 16 2020 packetbeat # start command -rw-r--r--@ 1 kail staff 71735 10 16 2020 packetbeat."><meta property="og:title" content="" />
<meta property="og:description" content="Packetbeat Quick Start Download Packetbeat  https://www.elastic.co/cn/downloads/past-releases#packetbeat The version downloaded here is 7.9.3, for macOS  After downloading and extracting, the directory looks like this:
$ ll packetbeat-7.9.3-darwin-x86_64 -rw-r--r--@ 1 kail staff 13675 10 16 2020 LICENSE.txt -rw-r--r--@ 1 kail staff 8440372 10 16 2020 NOTICE.txt -rw-r--r--@ 1 kail staff 839 10 16 2020 README.md # getting-started help document -rw-r--r--@ 1 kail staff 264515 10 16 2020 fields.yml # drwxr-xr-x@ 3 kail staff 96 10 16 2020 kibana # Kibana dashboard templates -rwxr-xr-x@ 1 kail staff 94641136 10 16 2020 packetbeat # start command -rw-r--r--@ 1 kail staff 71735 10 16 2020 packetbeat." />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://hello-world-example.gitee.io/elasticbeats/docs/Packetbeat/Quick-Start/" />
<meta property="article:modified_time" content="2023-05-28T19:05:05+08:00" />
<title>Quick Start | ElasticBeats</title>
<link rel="icon" href="/elasticbeats/favicon.png" type="image/x-icon">


<link rel="stylesheet" href="/elasticbeats/book.min.00b8e784201abfe629a6e0741e94bf44575af8612aec171d94e4ecbd3692cf5c.css" integrity="sha256-ALjnhCAav&#43;YppuB0HpS/RFda&#43;GEq7BcdlOTsvTaSz1w=">


<!--
Made with Book Theme
https://github.com/alex-shpak/hugo-book
-->

  
</head>

<body>
  <input type="checkbox" class="hidden" id="menu-control" />
  <main class="container flex">
    <aside class="book-menu">
      
  <nav>
<h2 class="book-brand">
  <a href="/elasticbeats"><span>ElasticBeats</span>
  </a>
</h2>












  <ul>
<li>
  <a href="http://hello-world-example.gitee.io/elasticsearch"><strong>ElasticSearch 🔗</strong></a></li>
<li><strong>Filebeat</strong>
<ul>
<li>
  <a href="/elasticbeats/docs/Filebeat/Quick-Start/">Quick Start</a></li>
</ul>
</li>
<li><strong>Packetbeat</strong>
<ul>
<li>
  <a href="/elasticbeats/docs/Packetbeat/Quick-Start/"class=active>Quick Start</a></li>
</ul>
</li>
</ul>










</nav>




  <script>(function(){var menu=document.querySelector("aside.book-menu nav");addEventListener("beforeunload",function(event){localStorage.setItem("menu.scrollTop",menu.scrollTop);});menu.scrollTop=localStorage.getItem("menu.scrollTop");})();</script>


 
    </aside>

    <div class="book-page">
      <header class="book-header">
        
  <div class="flex align-center justify-between">
  <label for="menu-control">
    <img src="/elasticbeats/svg/menu.svg" class="book-icon" alt="Menu" />
  </label>

  <strong>Quick Start</strong>

  <label for="toc-control">
    <img src="/elasticbeats/svg/toc.svg" class="book-icon" alt="Table of Contents" />
  </label>
</div>


  
    <input type="checkbox" class="hidden" id="toc-control" />
    <aside class="hidden clearfix">
      
  <nav id="TableOfContents">
  <ul>
    <li><a href="#packetbeat-快速入门">Packetbeat Quick Start</a>
      <ul>
        <li><a href="#下载-packerbeat">Download Packetbeat</a></li>
        <li><a href="#常用命令">Common commands</a></li>
        <li><a href="#配置文件">Configuration file</a></li>
        <li><a href="#注意事项">Notes</a></li>
        <li><a href="#read-more">Read More</a></li>
      </ul>
    </li>
  </ul>
</nav>


    </aside>
  
 
      </header>

      
      
  <article class="markdown"><h1 id="packetbeat-快速入门">Packetbeat Quick Start</h1>
<h2 id="下载-packerbeat">Download Packetbeat</h2>
<ul>
<li><a href="https://www.elastic.co/cn/downloads/past-releases#packetbeat">https://www.elastic.co/cn/downloads/past-releases#packetbeat</a></li>
<li>The version downloaded here is <code>7.9.3</code>, for macOS</li>
</ul>
<p>After downloading and extracting the archive, the directory looks like this:</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">$ ll packetbeat-7.9.3-darwin-x86_64
-rw-r--r--@ <span style="color:#ae81ff">1</span> kail  staff     <span style="color:#ae81ff">13675</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> LICENSE.txt
-rw-r--r--@ <span style="color:#ae81ff">1</span> kail  staff   <span style="color:#ae81ff">8440372</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> NOTICE.txt
-rw-r--r--@ <span style="color:#ae81ff">1</span> kail  staff       <span style="color:#ae81ff">839</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> README.md                 <span style="color:#75715e"># getting-started help document</span>
-rw-r--r--@ <span style="color:#ae81ff">1</span> kail  staff    <span style="color:#ae81ff">264515</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> fields.yml                # 
drwxr-xr-x@ <span style="color:#ae81ff">3</span> kail  staff        <span style="color:#ae81ff">96</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> kibana                    <span style="color:#75715e"># Kibana dashboard templates</span>
-rwxr-xr-x@ <span style="color:#ae81ff">1</span> kail  staff  <span style="color:#ae81ff">94641136</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> packetbeat                <span style="color:#75715e"># start command</span>
-rw-r--r--@ <span style="color:#ae81ff">1</span> kail  staff     <span style="color:#ae81ff">71735</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> packetbeat.reference.yml  <span style="color:#75715e"># full configuration reference</span>
-rw-------@ <span style="color:#ae81ff">1</span> kail  staff      <span style="color:#ae81ff">9492</span> <span style="color:#ae81ff">10</span> <span style="color:#ae81ff">16</span>  <span style="color:#ae81ff">2020</span> packetbeat.yml            <span style="color:#75715e"># configuration file</span>
</code></pre></div><h2 id="常用命令">Common commands</h2>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#75715e"># List all available network interfaces</span>
$ ./packetbeat devices
0: en0 <span style="color:#f92672">(</span>No description available<span style="color:#f92672">)</span> <span style="color:#f92672">(</span>fe80::4ec:d329:1c62:7987 192.168.31.164<span style="color:#f92672">)</span>
1: awdl0 <span style="color:#f92672">(</span>No description available<span style="color:#f92672">)</span> <span style="color:#f92672">(</span>fe80::18c3:e6ff:fe1b:76b5<span style="color:#f92672">)</span>
...


</code></pre></div><h2 id="配置文件">Configuration file</h2>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-yaml" data-lang="yaml"><span style="color:#66d9ef">packetbeat.interfaces.device</span>: en0

<span style="color:#75715e"># https://www.elastic.co/guide/en/beats/packetbeat/7.17/packetbeat-http-options.html</span>
<span style="color:#66d9ef">packetbeat.protocols</span>:
- <span style="color:#66d9ef">type</span>: http
  <span style="color:#66d9ef">ports</span>: [<span style="color:#ae81ff">80</span>, <span style="color:#ae81ff">8080</span>, <span style="color:#ae81ff">8000</span>, <span style="color:#ae81ff">5000</span>, <span style="color:#ae81ff">8002</span>]
  <span style="color:#66d9ef">send_request</span>: <span style="color:#66d9ef">false</span>
  <span style="color:#66d9ef">send_response</span>: <span style="color:#66d9ef">true</span>
  <span style="color:#66d9ef">keep_null</span>: <span style="color:#66d9ef">true</span>
  <span style="color:#66d9ef">split_cookie</span>: <span style="color:#66d9ef">true</span>
  <span style="color:#66d9ef">real_ip_header</span>: <span style="color:#e6db74">&#34;X-Forwarded-For&#34;</span>
  <span style="color:#66d9ef">include_body_for</span>: [<span style="color:#e6db74">&#34;text/html&#34;</span>]
  <span style="color:#66d9ef">fields</span>:
    <span style="color:#66d9ef">env</span>: local


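<span style="color:#75715e"># Only one output can be enabled at a time: keep one of the two output sections below and comment out the other.</span>
<span style="color:#75715e"># https://www.elastic.co/guide/en/beats/packetbeat/7.17/console-output.html</span>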
<span style="color:#66d9ef">output.console</span>:
  <span style="color:#66d9ef">pretty</span>: <span style="color:#66d9ef">true</span>

<span style="color:#75715e"># https://www.elastic.co/guide/en/beats/packetbeat/7.17/file-output.html</span>
<span style="color:#66d9ef">output.file</span>:
  <span style="color:#66d9ef">path</span>: <span style="color:#e6db74">&#34;/tmp/packetbeat&#34;</span>
  <span style="color:#66d9ef">filename</span>: packetbeat
  <span style="color:#66d9ef">rotate_every_kb</span>: <span style="color:#ae81ff">10240</span>
  <span style="color:#66d9ef">number_of_files</span>: <span style="color:#ae81ff">7</span>
</code></pre></div><h2 id="注意事项">Notes</h2>
<ul>
<li>Setting <code>packetbeat.interfaces.device</code> to <code>any</code> has no effect on macOS</li>
<li>On Linux, setting <code>packetbeat.interfaces.type</code> to <code>af_packet</code> gives better performance than the default <code>pcap</code></li>
</ul>
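<p>An added example, not part of the original page or the Packetbeat project: a Linux variant of the configuration above that applies the <code>af_packet</code> note and limits how much sensitive HTTP data is captured and where it is written. The interface name <code>eth0</code>, the header and keyword lists, and the path <code>/var/log/packetbeat</code> are assumptions.</p>

```yaml
# Added example: Linux variant of the page's packetbeat.yml.
# eth0, the header/keyword lists and /var/log/packetbeat are assumptions.

packetbeat.interfaces.device: eth0         # a name listed by `./packetbeat devices`
packetbeat.interfaces.type: af_packet      # Linux only; faster than the default pcap
packetbeat.interfaces.buffer_size_mb: 100  # af_packet buffer shared with the kernel

packetbeat.protocols:
- type: http
  ports: [80, 8080, 8000, 5000, 8002]
  # Weak (as on the page): raw responses and text/html bodies are stored,
  # so Set-Cookie values and page content end up in every event.
  #   send_response: true
  #   include_body_for: ["text/html"]
  send_request: false
  send_response: false
  send_all_headers: false
  send_headers: ["User-Agent", "Content-Type"]  # allowlist instead of all headers
  redact_authorization: true   # masks Authorization / Proxy-Authorization values
  hide_keywords: ["pass", "password", "passwd", "token"]  # censored in query strings and form bodies
  keep_null: true
  real_ip_header: "X-Forwarded-For"  # client-controlled unless a trusted proxy sets it
  fields:
    env: local

# Exactly one output may be enabled.
# Weak (as on the page): path "/tmp/packetbeat" sits in a world-writable directory.
output.file:
  path: "/var/log/packetbeat"
  filename: packetbeat
  rotate_every_kb: 10240
  number_of_files: 7
  permissions: 0600   # owner read/write only
```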
<h2 id="read-more">Read More</h2>
<ul>
<li>
  <a href="https://www.elastic.co/guide/en/beats/packetbeat/7.17/packetbeat-installation-configuration.html">Packetbeat quick start: installation and configuration | Packetbeat Reference 7.17 | Elastic</a> &raquo; Quick start</li>
<li>
  <a href="https://www.elastic.co/guide/en/beats/packetbeat/7.17/directory-layout.html">Directory layout | Packetbeat Reference 7.17 | Elastic</a> &raquo; Environment variables</li>
<li>
  <a href="https://www.elastic.co/guide/en/beats/packetbeat/7.17/command-line-options.html">Packetbeat command reference | Packetbeat Reference 7.17 | Elastic</a> &raquo; Command-line documentation</li>
<li>
  <a href="https://www.elastic.co/guide/en/beats/packetbeat/7.17/http-endpoint.html">Configure an HTTP endpoint for metrics | Packetbeat Reference 7.17 | Elastic</a> &raquo; Exposing an HTTP port</li>
<li>
  <a href="https://www.elastic.co/guide/en/beats/packetbeat/7.17/configuring-internal-queue.html">Configure the internal queue | Packetbeat Reference 7.17 | Elastic</a> &raquo; Internal queue</li>
</ul>
</article>
 
      

      <footer class="book-footer">
        
  <div class="flex justify-between">



  <div>
    
    <a class="flex align-center" href="https://gitee.com/hello-world-example/ElasticBeats/commit/6e55c115e78b7d52b7e1a4d102880088c9585ca4" title='Last modified by kaibin.yang | May 28, 2023' target="_blank" rel="noopener">
      <img src="/elasticbeats/svg/calendar.svg" class="book-icon" alt="Calendar" />
      <span>May 28, 2023</span>
    </a>
  </div>




</div>

 
        <script>
    var images = document.getElementsByTagName("img")
    for (var i = 0; i < images.length; i++) {
        var image = images[i]
        var src = image.getAttribute("src");
         
        if (src.startsWith("-images")) {
            image.setAttribute("src", "../" + src)
        }
         
        if (window.location.href.indexOf("/posts/")) {
            src = src.replace("../drawio/", "../../drawio/")
            image.setAttribute("src", src)
        }
         
        if (src.startsWith("../drawio/")) {
            image.setAttribute("src", src.replace("../drawio/", "../"))
        }

         
        if(src.indexOf("/svg/") < 0){
             
            image.onclick = function (e) {
                window.open(e.target.getAttribute("src"))
            }
        }
    }

</script>

      </footer>

      
  
  <div class="book-comments">

</div>
  
 

      <label for="menu-control" class="hidden book-menu-overlay"></label>
    </div>

    
    <aside class="book-toc">
      
  <nav id="TableOfContents">
  <ul>
    <li><a href="#packetbeat-快速入门">Packetbeat Quick Start</a>
      <ul>
        <li><a href="#下载-packerbeat">Download Packetbeat</a></li>
        <li><a href="#常用命令">Common commands</a></li>
        <li><a href="#配置文件">Configuration file</a></li>
        <li><a href="#注意事项">Notes</a></li>
        <li><a href="#read-more">Read More</a></li>
      </ul>
    </li>
  </ul>
</nav>

 
    </aside>
    
  </main>

  
</body>

</html>












